Create a default security policy for this org#1
This change creates a security policy that will effectively be the default for all repos in this org. The contents of this policy do not mention project-specific details so as to keep it generic enough to be used by any repository in the org.

For more information on GitHub security policies, see: https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository

This file serves as one of the default community health files for the org. Further details can be found here: https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file
Hi @ericwb! It looks like this is taken mostly from the standard SECURITY.md that we're using from OSPO, is that correct? One thing that stands out is line 15, "If you know of a publicly disclosed security vulnerability for this project, please IMMEDIATELY contact the maintainers of this project privately. The use of encrypted email is encouraged."